XcodeGhost the 'largest App Store breach in history'
Apple customers take comfort in the preconceived notion that iOS devices aren't susceptible to malware, because the company checks every app carefully before it's approved for public availability via the App Store. Despite the latest high-profile security incident, Apple will maintain that perception, according to Anderson. "There could be additional Apple exploits over the coming year, and we could start getting annoyed by them … but I think [iOS] is going to hold onto that perception of being [more secure] than Android for the foreseeable future," he says.
Thomas Reed, a Mac security expert and director of software maker Malwarebytes, calls the XcodeGhost attack "easily the largest App Store breach in history" and says the incident "will erode consumer confidence in the App Store as a (mostly) unassailable malware-free fortress."
Apple's review process, paired with its goal of absolute control over the App Store, reinforces the perception that its devices are more secure. When that system fails, trusting users become victims, and over time confidence and blind faith will be called into question. "Perfectly respectable, legitimate apps turned out to be infected," Reed writes in a related blog post. "It's hard for any user to be on guard against this kind of malware. Especially on iOS, where security features in the system make anti-malware software impossible."
In many ways, Apple is a victim of its own success. "Apple's security strategy is so well-engineered that its biggest danger may be the false sense of security that it gives developers and the massive number of iPhone users," says John Gunn, vice president of communications at Vasco Data Security.
Apple and devs to blame, but iOS users need to be vigilant
The specific long-term effects of the XcodeGhost malware attack are unknown, but because no serious or particularly nefarious events occurred as a result, Anderson believes last year's iCloud-based attacks on more than 100 celebrities were more damaging. However, Apple wasn't hacked in that case; users' accounts, and the associated passwords, were compromised. "That was devastating for those people, but it wasn't a platform attack. It was just as effective as if it had been, but the platform itself wasn't really questioned."
Apple will shoulder much of the blame for failing to detect XcodeGhost, but the onus is also on developers who used infected versions of Xcode. These coders reportedly downloaded bad versions of the utility hosted on third-party sites, in an effort to avoid the latest version of the software because it is so large (more than 4GB). However, they had to disable Gatekeeper, Apple's security software, to run the bootleg, infected Xcode tools.